authorKlemens Nanni <kn@cvs.openbsd.org>2023-04-18 22:20:17 +0000
committerKlemens Nanni <kn@cvs.openbsd.org>2023-04-18 22:20:17 +0000
commit99fe31a58cf3896de37e0a5da3ac0a24fc587909 (patch)
treecd65d0435fdf138f777e8332e2a4597a36587822 /sys
parent2a0885608f7f356466c08865d6a8f19736dd893a (diff)
Hoist identical privilege checks in in_ioctl*()
All cases do the same check as the first step, so merge it before the switch and before grabbing exclusive locks. OK mvs
Diffstat (limited to 'sys')
-rw-r--r--sys/netinet/in.c35
1 files changed, 9 insertions, 26 deletions
diff --git a/sys/netinet/in.c b/sys/netinet/in.c
index ffc8ebc9bf5..498cb2f6bd3 100644
--- a/sys/netinet/in.c
+++ b/sys/netinet/in.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: in.c,v 1.180 2023/04/15 13:24:47 kn Exp $ */
+/* $OpenBSD: in.c,v 1.181 2023/04/18 22:20:16 kn Exp $ */
/* $NetBSD: in.c,v 1.26 1996/02/13 23:41:39 christos Exp $ */
/*
@@ -282,13 +282,13 @@ in_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, int privileged)
goto err;
}
+ if (!privileged) {
+ error = EPERM;
+ goto err;
+ }
+
switch (cmd) {
case SIOCSIFDSTADDR:
- if (!privileged) {
- error = EPERM;
- break;
- }
-
if ((ifp->if_flags & IFF_POINTOPOINT) == 0) {
error = EINVAL;
break;
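Review bot: The hoisted check in in_ioctl() sits after the `ia == NULL` lookup and leaves through `goto err`, so it appears to run with the lock already held, unlike in_ioctl_change_ifaddr() in this same commit, where the check returns before KERNEL_LOCK()/NET_LOCK(). If nothing ahead of it has to run for unprivileged callers, moving it to the top of the function as `if (!privileged) return (EPERM);` would reject them before any locking or address-list walk and make EPERM take precedence over EADDRNOTAVAIL. The start of in_ioctl() and the err label are outside this hunk, so the lock placement is inferred and should be confirmed against the full function.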
@@ -308,11 +308,6 @@ in_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, int privileged)
break;
case SIOCSIFBRDADDR:
- if (!privileged) {
- error = EPERM;
- break;
- }
-
if ((ifp->if_flags & IFF_BROADCAST) == 0) {
error = EINVAL;
break;
@@ -324,11 +319,6 @@ in_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, int privileged)
break;
case SIOCSIFNETMASK:
- if (!privileged) {
- error = EPERM;
- break;
- }
-
if (ifr->ifr_addr.sa_len < 8) {
error = EINVAL;
break;
@@ -429,6 +419,9 @@ in_ioctl_change_ifaddr(u_long cmd, caddr_t data, struct ifnet *ifp,
return (error);
}
+ if (!privileged)
+ return (EPERM);
+
KERNEL_LOCK();
NET_LOCK();
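Review bot: With the per-case checks removed, the `if (!privileged)` test ahead of KERNEL_LOCK() is the only place privilege is enforced for every command this switch handles, and nothing in the code says so. A short comment above it, e.g. `/* All commands handled here require privilege; reject before taking the locks. */`, would keep a later case from being added on the assumption that it carries its own check, and would keep the test from drifting below the locks again. The test also runs after the validation block ending in `return (error);`, so a malformed unprivileged request gets the validation error rather than EPERM; if that order is intended, the comment is a good place to state it. The body of in_ioctl_change_ifaddr() starts and continues outside this hunk.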
@@ -447,11 +440,6 @@ in_ioctl_change_ifaddr(u_long cmd, caddr_t data, struct ifnet *ifp,
case SIOCAIFADDR: {
int needinit = 0;
- if (!privileged) {
- error = EPERM;
- break;
- }
-
if (ifra->ifra_mask.sin_len) {
if (ifra->ifra_mask.sin_len < 8) {
error = EINVAL;
@@ -534,11 +522,6 @@ in_ioctl_change_ifaddr(u_long cmd, caddr_t data, struct ifnet *ifp,
break;
}
case SIOCDIFADDR:
- if (!privileged) {
- error = EPERM;
- break;
- }
-
if (ia == NULL) {
error = EADDRNOTAVAIL;
break;